예제 #1
0
        public bool CanPerformActionOnResource(IUser user, IResource resource,
                                               ActionType action,
                                               out string message)
        {
            bool canPerformAction = false;

            if (!_resources.ContainsKey(resource.Name))
            {
                message = "Resource: " + resource.Name + "doesn't exist";
            }

            else if (!resource.IsValidAction(action))
            {
                message = "Invalid action for resource: " + resource.Name;
            }

            else if (resource.IsResourceSpecificUser(user))
            {
                canPerformAction = resource.CanPerformAction(user, action, out message);
            }

            //user is not a specific resource user
            //system wide roles will be used to
            //check if action can be performed
            else
            {
                if (!_systemWideRoles.ContainsKey(user))
                {
                    message = "User: "******"doesn't have required permission";
                }

                else
                {
                    var allUserRoles = this._systemWideRoles[user];
                    foreach (var entry in allUserRoles)
                    {
                        //system applies most inclusive permission
                        canPerformAction = canPerformAction || entry.IsPermittedAction(action);
                    }

                    if (canPerformAction)
                    {
                        message = "User: "******"can perform requested action on resource: " + resource.Name;
                    }

                    else
                    {
                        message = "User: "******"cannot perform requested action on resource: " + resource.Name;
                    }
                }
            }

            return(canPerformAction);
        }